I will never recommend or refer anything I do not stand by.
All content on this site is to be human written with absolutely no AI generated content.
I’m not a financial advisor and cannot provide any financial advice.

Happy Money Monday!

Today I’m bringing up secure payments using mobile devices.

Google Wallet and Apple Wallet allow you to store digital references of your cards for secure use. You can avoid credit card skimmers and avoid carrying all of your physical cards by adding them to your phone. Your phone links with your bank and may securely store and cycle offline payment tokens that act as one-time-use burner cards that can’t be charged again fraudulently by vendors. With iOS, your cards are typically stored on the “Secure Enclave” of the iPhone, where on Android, it’s in the “Secure Element” if your phone has one, or otherwise it will fall back to the OS software to secure your credentials. This means, your cards need to have verification that YOU are ready to pay by proving you are there before any payment token is released to a vendor, and in nearly all cases, your phone must be unlocked to tap and pay, and you may have to authenticate with biometrics or a PIN. Apple does allow having a dedicated transit card for paying for rides without unlocking your iPhone.

The big “under the hood” benefit is that your wallet is secure, as you aren’t using the same payment token each time, unlike swiping a physical card. The other major benefit is convenience as you have the cards you need ready to tap to make purchases in stores. This means that if you have several credit cards for different types of transactions, you can choose which one without digging through a wallet.

It is important to note that some vendors are still using older Point-of-Sale systems that don’t support Tap To Pay and only handle stripe-reader card swipes. Samsung Pay on older devices actually let you simulate a card swipe for card readers that don’t support this, however this feature was removed with newer Samsung devices because it enabled a lot of fraudulent transactions. Samsung Pay in the present day performs similar to Google Wallet in how it secures your cards, but in most cases, you can choose which ecosystem you would prefer to use when on a Samsung phone and are not locked to Samsung Pay.

You can also store most loyalty reward cards on your wallets, either by scanning the physical cards (which Google Wallet allows) or adding them in from companion apps. Instead of having to load the right app at the right point, you just have to open your wallet app and scan from there. Some vendors like Walgreens can even hook in and load your loyalty card when tapping to pay, saving you the extra step of scanning your card or entering your phone number. Unfortunately, Costco doesn’t appear to want to support this feature, though you can still scan your physical membership card barcode, but they encourage using barcodes in their mobile app.

It’s also becoming relatively common to add access passes to these wallets, such as travel and concert tickets. These will come from links in emails or mobile apps and websites when applicable. There’s less of a demand to print out physical tickets when you can pay and enter using the phone you already have, though when dealing with critical travel, it’s always a good idea to have a backup in case your phone dies or is stolen, or you lose your paper tickets, so why not have both!

Another up-and-coming convenience of these Wallet apps are that you can add your IDs for a handful of US states, though this is being adapted relatively slowly and often only being accepted for use by the TSA and limited state-level use. You can not add USA passports to your phone.

You can also add your cards to some wearable devices. FitBit and WearOS devices support various forms of Google Wallet. Apple Watches similarly support the Apple ecosystem. Samsung wearables often allow a choice of either Google or Samsung Pay.

One important thing to note: While you are protected from fraud both by your phone and banking regulations, it’s there is a small complication with a particular combination of the two. If you have a Visa card in your “Transit Card” slot on an iPhone, there is unfortunately an unpatched vulnerability that could theoretically have a fraudster trick your device into authorizing a large transaction by having your phone think it is a small, low-risk transaction. Therefore, even though there is no widespread attacks of this finding, you should always be vigilant and check your financial statements and push notifications to be sure that the only payments you were charged were actually performed by you, and if not, to contact your banking institution.